SYSTEM AND METHOD FOR ACCESSING PROTECTED CONTENT

CROSS-REFERENCE TO RELATED CASES

This application claims the benefit of U.S. Provisional Application No. 60/172,319 entitled "System and Method for Digital Rights Management," and U.S. Provisional Application No. 60/172,318 entitled "System for Distributing Content Having Multilevel Security Protection," both filed on December 17, 1999.

FIELD OF THE INVENTION

The present invention relates generally to distribution of electronic content, and, more particularly, to systems and methods accessing protected content

BACKGROUND OF THE INVENTION

As the availability and use of computers and palm-sized electronic devices has increased, it has become common for documents to be transmitted and viewed electronically. With improvements in the speed and facility of communication over infrastructures such as the Internet, there is a tremendous drive to provide enhanced services and content to the devices. Examples of services and content that may be provided are authored works, such as books or other textual material. Electronic distribution of text documents is both faster and cheaper than conventional distribution of paper copies. The same principle applies to non-text content, such as audio and video: electronic distribution of such content is generally faster and cheaper than the delivery of such content on conventional media (e.g., magnetic tape or optical disk). However, the low cost and instantaneity of electronic distribution, in combination with the ease of copying electronic content, is at odds with controlled distribution in a manner that protects the rights of the owners of the distributed works.

Once an electronic document is transmitted to one party, it may be easily copied and distributed to others without authorization by the owner of rights in the electronic document or, often, without even the owner's knowledge. This type of illicit document distribution may deprive the author or content provider of royalties and/or income. A problem with many present delivery schemes is that they may make no provisions for protecting ownership rights. Other systems attempt to protect ownership rights but are cumbersome and inflexible and make the viewing/reading of the authored works (or otherwise rendering the authored works, in the case of non-text content such as music, video, etc.) difficult for the purchaser.

Thus, in view of the above, there is a need for an improved digital rights management system that allows delivery of electronic works to purchasers in a manner that protects ownership rights, while also being flexible and easy to use. There is also a need for a system that provides flexible levels of security protection and is operable on several client platforms such that electronic content may be viewed/rendered by its purchaser on each platform. The digital rights management system of the present invention advantageously provides solutions to the above problems which protect the intellectual property rights of content owners and allow for authors or other content owners to be compensated for their creative efforts, while ensuring that purchasers are not overburdened by the protection mechanism.



SUMMARY OF THE INVENTION

An architecture for a content-rendering client in a digital rights management ("DRM") system is provided. The architecture includes a rendering application (e.g., a text-viewing application or "reader") which renders content protected by the DRM system. The architecture also includes various security features that guard against unauthorized distribution or use of protected content, as well as software components that navigate the security features to allow content to be rendered in an appropriate client environment.

In accordance with the architecture provided, content may be protected at a plurality of levels, including: no protection, source sealed, individually sealed (or "inscribed"), source signed, and fully individualized (or "owner exclusive"). "No protection" content is distributed in an unencrypted format. "Source sealed" and "individually sealed" content is encrypted and bundled with a cryptographic key (the "content key") that is cryptographically sealed with certain rights-management data associated with the content, such that the key cannot be retrieved if the rights-management data has been altered. The distinction between "source" and "individual" sealing is that "individually sealed" content includes in the rights-management data information pertinent to the rightful owner (e.g., the owner's name, credit card number, receipt number or transaction ID for the purchase transaction, etc.), such that this information cannot be removed from a working copy of the content, thereby allowing for detection of unauthorized distributors. The particular type of information included is determined by the retailer of the copy. "Signed" content is cryptographically signed in such a way that the rendering application can verify its authenticity, or the authenticity of its distribution channel. "Fully individualized" content is encrypted content provided with a decryption key that has not merely been sealed with the rights-management information, but also encrypted in such a way that it cannot be accessed in the absence of a "secure repository" and "activation certificate," which are issued only to a particular client or set of clients, thereby limiting the use of such content to a finite number of installations. "Fully individualized" content also includes a license, which specifies the rights that a user may exercise with respect to the content.

In one embodiment of the invention, the client is used for reading books or text, which are distributed to the client in a file having protection, as described above. Preferably, the client software and data relating to the protection and use of the content includes: the rendering application (called the "reader" in the case where the content is text); a "management" component that performs unsealing of protected content and certain other cryptographic functions; a software object that provides to content distributors information such as the installation and/or "activation" status of the reader application, as well as information about the "activation" certificate that is needed by the distributor in order to prepare "fully individualized" content whose decryptability is limited to a certain set of readers; and an "activation" software object that performs the function of obtaining a secure repository and activation certificate for installation on the client. Preferably, the activation software object is embodied as an ACTIVEX control, and the object that provides information to content distribution sites is embodied as an ACTIVEX and/or browser plug-in wrapped in one or more Java script functions. Additionally, it is preferable that the management object be operable by the reader application through an API exposed to the reader application.

The content key of fully individualized content is encrypted according to a public/private key pair associated with a particular activation certificate, and a copy of the activation certificate may be provided to various client devices owned or used by a particular person (or "persona"), such that one person can read the same "fully individualized" content on plural devices owned by that person, whereas other people who own similar devices cannot read that same "fully individualized" content because the necessary activation certificate will not be issued to those persons, thereby limiting the dissemination of fully individualized content.

Other features of the invention are described below.



BRIEF DESCRIPTION OF THE DRAWINGS

The foregoing summary, as well as the following detailed description, is better understood when read in conjunction with the appended drawings. For the purpose of illustrating the invention, like reference numerals represent similar parts throughout the several views of the drawings, it being understood, however, that the invention is not limited to the specific methods and instrumentalities disclosed. In the drawings:

Fig. 1 is a block diagram showing an exemplary computing environment in which aspects of the present invention may be implemented;

Fig. 2 is a block diagram of a first embodiment of a client architecture implementing aspects of a digital rights management system in accordance with the invention;

Fig. 3 is a block diagram of a second embodiment of a client architecture implementing aspects of a digital rights management system in accordance with the invention;

Fig. 4 is an exemplary electronic book (eBook) title file format;

Fig. 5 is a flow diagram illustrating a reader activation process; and

Fig. 6 is a flow diagram illustrating exemplary processes of selecting, obtaining and reading an eBook using a digital rights management system according to



DETAILED DESCRIPTION OF THE INVENTION

The present invention is directed to a system for processing and delivery of electronic content wherein the content may be protected at multiple levels. A preferred embodiment of the invention is described, which is directed to the processing and delivery of electronic books; however, the invention is not limited to electronic books and may include all digital content such as video, audio, software executables, data, etc.

The success of the electronic book industry will undoubtedly require providing the existing book-buying public with an appealing, secure, and familiar experience to acquire all sorts of textual material. This material may include "free" or low-cost material requiring little copy protection, to "premium-quality" electronic book titles (herein "eBooks") requiring comprehensive rights protection. In order to enable a smooth transition from the current distribution and retail model for printed books into an electronic distribution system, an infrastructure must exist to ensure a high level of copy protection for those publications that demand it, while supporting the distribution of titles that require lower levels of protection.

The Digital Rights Management (DRM) and Digital Asset Server (DAS) systems of the present invention advantageously provide such an infrastructure. The present invention makes purchasing an eBook more desirable than "stealing" (e.g., making an unauthorized copy of) an eBook. The non-intrusive DRM system minimizes piracy risk, while increasing the likelihood that any piracy will be offset by increased sales/distribution of books in the form of eBooks. In addition, the present invention provides retailers with a system that can be rapidly deployed at a low cost.

The primary users of the system are publishers and retailers, who use and/or deploy the system to ensure legitimacy of the content sold as well as copy protection. Exemplary users of the system may be the traditional publisher, the "leading edge" publisher, and the "hungry author." The traditional publisher is likely to be concerned about losing revenue from their printed book publishing operation to eBook piracy. The leading edge publisher is not necessarily concerned with isolated incidents of piracy and may appreciate that eBook commerce will be most successful in a system where consumers develop habits of purchase. Meanwhile, the hungry author, who would like to collect money for the sale of his or her works, is more interested in attribution (e.g., that the author's name be permanently bound to the work).

As will be described in greater detail below, the DRM System of the present invention accomplishes its goals by protecting works, while enabling their rightful use by consumers, by supporting various "levels" of protection. At the lowest level ("Level 1"), the content source and/or provider may choose no protection via unsigned and unsealed (clear-text) eBooks that do not include a license. A next level of protection ("Level 2") is "source sealed," which means that the content has been encrypted and sealed with a key, where the seal is made using a cryptographic hash of the eBook's title's meta-data (see below) and the key is necessary to decrypt the content. Source sealing guards against tampering with the content or its accompanying meta-data after the title has been sealed, since any change to the meta-data will render the title unusable; however, source sealing does not guarantee authenticity of a copy of the title (i.e., source sealing does not provide a mechanism to distinguish legitimate copies from unauthorized copies). In the case of the "hungry author," the author's name may be included in the meta-data for permanent binding to the content, thereby satisfying the "hungry author's" goal of attribution. A next level of protection ("Level 3") is "individually sealed" (or "inscribed"). An "individually sealed" title is an eBook whose meta-data includes information related to the legitimate purchaser (e.g., the user's name or credit card number, the transaction ID or receipt number from the purchase transaction, etc.), such that this information is cryptographically bound to the content when the title is sealed. This level of protection discourages people from distributing copies of the title, since it would be easy to detect the origin of an unauthorized copy (and any change to the meta-data, including the information related to the purchaser, would make it impossible, or at least improbable, that the necessary decryption key could be unsealed).

The next level of protection ("Level 4") is "source signed." Source signed eBooks are titles that can be authenticated by a "reader" (which, as more particularly discussed below, is a user application that enables the reading of eBooks on a computing device, such as a PC, a laptop, a Personal Digital Assistant (PDA), PocketPC, or a purpose-built reading device). Authenticity may preferably be defined in three varieties: "tool signed," which guarantees that the eBook title was generated by a trusted conversion and encryption tool; "owner signed," which is a tool signed eBook that also guarantees the authenticity of the content in the copy (e.g., the owner may be the author or other copyright holder); and "provider signed," which is a tool signed eBook that attests to the authenticity of its provider (e.g., the publisher or retailer of the content). The "tool," the owner, and the provider may each have their own asymmetric key pair to facilitate the creation and validation of digital signatures of the information. A title may be both provider signed and source signed, which facilitates authentication of the distribution channel of the title (e.g., through a signature chain in the copy). The strongest level of protection is "fully individualized" or "owner exclusive" ("Level 5"). "Fully individualized" titles can only be opened by authenticated reader applications that are "activated" for a particular user, thereby protecting against porting of a title from one person's reader (or readers) to a reader that is not registered to that person. In order for the reader of the present invention to open a title protected at Level 5, the Reader must be "activated" (i.e., the device on which the reader resides must have an activation certificate for a particular persona, and a secure repository). The process of Activation will be described in greater detail below with reference to Fig. 5.

The systems of the present invention also define an architecture for sharing information between a reader, a content provider and a content source, how that information is used to "seal" titles at the various levels, and how that information must be structured. The availability of these choices will enable content sources to pick and choose which content will be sold to what users and using what protection (if any). The particular information may be used to sign and/or seal titles for use by a reader, and a compatible reader (which, in the case of level 5, may be a reader activated for a particular persona) may unseal the title and enable reading of the eBook.

System Architecture

As shown in Fig. 1, an exemplary system for implementing the invention includes a general purpose computing device in the form of a conventional personal computer or network server 20 or the like, including a processing unit 21, a system memory 22, and a system bus 23 that couples various system components including the system memory 22 to the processing unit 21. The system bus 23 may be any of several types of bus structures including a memory bus or memory controller, a peripheral bus, and a local bus using any of a variety of bus architectures. The system memory includes read-only memory (ROM) 24 and random access memory (RAM) 25. A basic input/output system 26 (BIOS), containing the basic routines that help to transfer information between elements within the personal computer 20, such as during start-up, is stored in ROM 24. The personal computer or network server 20 may further include a hard disk drive 27 for reading from and writing to a hard disk, not shown, a magnetic disk drive 28 for reading from or writing to removable magnetic disk 29, and an optical disk drive 30 for reading from or writing to a removable optical disk 31 such as a CD-ROM or other optical media. The hard disk drive 27, magnetic disk drive 28, and optical disk drive 30 are connected to the system bus 23 by a hard disk drive interface 32, a magnetic disk drive interface 33, and an optical drive interface 34, respectively. The drives and their associated computer-readable media provide non-volatile storage of computer readable instructions, data structures, program modules and other data for the personal computer or network server 20. Although the exemplary environment described herein employs a hard disk, a removable magnetic disk 29 and a removable optical disk 31, it should be appreciated by those skilled in the art that other types of computer readable media which can store data that is accessible by a computer, such as magnetic cassettes, flash memory cards, digital video disks, Bernoulli cartridges, random access memories (RAMs), read-only memories (ROMs) and the like may also be used in the exemplary operating environment.

A number of program modules may be stored on the hard disk, magnetic disk 29, optical disk 31, ROM 24 or RAM 25, including an operating system 35 (e.g., Windows® 2000, Windows NT®, or Windows 95/98), one or more application programs 36, other program modules 37 and program data 38. A user may enter commands and information into the personal computer 20 through input devices such as a keyboard 40 and pointing device 42. Other input devices (not shown) may include a microphone, joystick, game pad, satellite disk, scanner or the like. These and other input devices are often connected to the processing unit 21 through a serial port interface 46 that is coupled to the system bus 23, but may be connected by other interfaces, such as a parallel port, game port, universal serial bus (USB), or a 1394 high-speed serial port. A monitor 47 or other type of display device is also connected to the system bus 23 via an interface, such as a video adapter 48. In addition to the monitor 47, personal computers typically include other peripheral output devices (not shown), such as speakers and printers.

The personal computer or network server 20 may operate in a networked environment using logical connections to one or more remote computers, such as a remote computer 49. The remote computer 49 may be another personal computer, another network server, a router, a network PC, a peer device or other common network node, and typically includes many or all of the elements described above relative to the personal computer 20, although only a memory storage device 50 has been illustrated in Fig. 2. The logical connections depicted in Fig. 2 include a local area network (LAN) 51 and a wide area network (WAN) 52. Such networking environments are commonplace in offices, enterprise-wide computer networks, Intranets and the Internet.

When used in a LAN networking environment, the personal computer or network server 20 is connected to the local network 51 through a network interface or adapter 53. When used in a WAN networking environment, the personal computer or network server 20 typically includes a modem 54 or other means for establishing communications over the wide area network 52, such as the Internet. The modem 54, which may be internal or external, is connected to the system bus 23 via the serial port interface 46. In a networked environment, program modules depicted relative to the personal computer or network server 20, or portions thereof, may be stored in the remote memory storage device 50. It will be appreciated that the network connections shown are exemplary and other means of establishing a communications link between the computers may be used.

Client Architecture

Referring now to FIG. 2, there is illustrated a first exemplary client architecture 90 in accordance with the present invention. The client architecture 90 may be implemented on the personal computer 20 of FIG. 1 or other appropriate computing device, such as a palm-sized computer, laptop computer, or closed device that is purpose-built for reading eBook titles. Client architecture 90 includes a reader shell 92 (or "reader 92") for reading the eBook titles 10 and a web browser 102 (e.g., the MICROSOFT® INTERNET EXPLORER browser) for contacting Retailer/Distributor sites. A cryptographic transform is provided, which may be a plug-in for an Information Technology Storage System (ITSS) 5.2 96. The cryptographic transform is a software component that will unseal the content key and decrypt the content stream coming out of the eBook file or "LIT file" 10 (shown in FIG. 4). The cryptographic transform is preferably implemented as an extension to existing ITSS 96 code being used by the reader 92 for LIT files 10. This extension is instantiated whenever encrypted content is accessed. A Bookplate API 94 is provided, which returns the purchaser's name (or other information related to the purchaser) from the cryptographically hashed Bookplate stream 14C in the DRM Storage object 14 of each title 10 (e.g., in the case of individually sealed titles that include the purchaser's name or other identifying information in their meta-data). The string returned by this function may be used on the book cover page 100 to identify the rightful owner of the title; an example, in which the string is the user's name, is depicted in FIG. 2. If the user clicks on the name displayed (or taps, in the case of touch-screen devices) or a Copyright Notice icon on the cover page, a dialog box emphasizing the copyrighted nature of the publication may be rendered. Local store 98 is preferably a directory or folder where eBooks may be stored. (As discussed below in connection with FIG. 4, eBook 10 is a file containing the content of the book, as well as other information.) For example, when architecture 90 is implemented on a device operating under one of the MICROSOFT WINDOWS operating systems, local store 98 may simply be a directory called "C:\MyLibrary." Browser 102 is a typical browsing program (such as the MICROSOFT INTERNET EXPLORER browser or the NETSCAPE NAVIGATOR browser); it is used to contact retail sites that sell eBooks and to engage in transactions with those sites. In some cases, reader 92 may have an "integrated bookstore" feature that contacts retail sites and facilitates shopping without the use of a general browsing application 102.

Referring now to FIG. 3, there is illustrated a second exemplary client architecture 90'. In the second client architecture, like reference numerals represent like elements as in the first client architecture, and therefore the descriptions of these like elements are not repeated below. The DRM Manager 80 is a component that exposes a set of internal APIs to the reader 92, which manage the authentication of applications requesting access to encrypted LIT files, in addition to carrying out decryption of content, unsealing of keys, returning of a Bookplate string (e.g., the user's name for display in the case of, for example, level 3 or level 5 titles), etc. For example, the code for reader 92 may include an interface call that is part of the API, where the call invokes computer-executable instructions to carry out one of the above-listed functions. The computer-executable instructions may be embodied in a COM object and/or a dynamic-link library (DLL) for use by the reader 92. Different versions of the COM object and/or DLL may be provided to accommodate updates to technologies (i.e., to allow reader 92 to work transparently, through a constant API, with various different DRM technologies, some of which may not even have been developed at the time that the code for reader 92 was created). In one example, the developer/administrator of architecture 90' may provide a specification or description of interface (e.g., a set of method names/labels for the API) to the developer of the reader 92, and may then provide a DLL or COM object (or successive DLLs and COM objects) to the users of client architecture 90'. In another example, the developer/administrator of architecture 90' may be the same entity who provides reader 92, and may define an API for DRM manager 80 to facilitate communication with the various components of architecture 90'.

The secure repository 82 is an executable that is downloaded during the Activation process and enables the Reader to open Fully Individualized (Level 5) eBooks (LIT files). The secure repository 82 is preferably unique (or substantially unique) for each computing device on which architecture 90' is implemented (e.g., a PC or purpose-built reading device). Secure repository 82 holds a private key that is required for opening Level 5 protected titles. Secure repository 82 may be obtained during the activation process (described below). In one example, the computing device on which architecture 90' resides uploads (via a network, such as network 52) a hardware ID to a "secure repository server" (not shown), where the hardware ID is based on hardware associated with the computing device (e.g., by serial numbers or other numbers associated with that hardware) and uniquely identifies the device. The "secure repository server" may then download to the computing device a secure repository whose code is based on, and whose proper execution is preferably tied to, the computing device on which architecture 90' is implemented, where the secure repository performs functions including applying a unique private key that is used in the process of unsealing the content key, as well as decrypting the content. In an exemplary embodiment, the content in a level 5 title is encrypted with a symmetric key, the symmetric key is encrypted with a public key contained in an activation certificate, the encrypted symmetric key is sealed with the title, and the activation certificate's private key is contained in the activation certificate in a form encrypted by the public key of secure repository 82. In this example, secure repository 82 decrypts the activation certificate's private key using the private key of secure repository 82, and then the activation certificate's private key is used to decrypt the symmetric key. A system and method for creating secure repository 82 is described in Attorney Docket Number MSFTAA26, filed concurrently herewith and expressly incorporated by reference in its entirety.



The activation ACTIVEX control 84 is a component used by the client computing device during the activation process (see below). Preferably, ACTIVEX control 84 is used by a browser (e.g., a MICROSOFT INTERNET EXPLORER browser), which, in turn, is hosted by reader 92 (although ACTIVEX control 84 could also work with a stand-alone browser). The activation ACTIVEX control 84 exposes methods that provide for the validation of servers (e.g., the "activation servers") to which reader 92 (or the computing device on which it resides) is connected, computation of the hardware ID, downloading of secure repository 82 (and associated activation certificates), and authentication and installation of the downloaded executable. For example, reader 92 (or another software component) may contain instructions to detect whether reader 92 has been activated and, if it has not been activated, may issue one or more instructions to activation ACTIVEX control 84 to perform the activation, and those instructions may include instructions to perform the acts listed above.

The web commerce object 86 is distributed as both an ACTIVEX control and a NETSCAPE NAVIGATOR® plug-in. It may be used, via client-side scripting, by retailers when selling fully individualized copies (i.e., Level 5 protected copies). This COM object 86 is preferably wrapped by client-side script functions, which abstract the actual methods and underlying differences between the plug-in and the ACTIVEX control. The key methods provided by the web commerce object 86 and its accompanying interface are: detection of the installation of reader 92, detection of activation status, launching of the reader into the activation process (see FIG. 5), retrieval of encrypted PASSPORT ID with which the reader was activated, and retrieval of a (preferably encrypted) activation certificate during download of fully individualized copies (Level 5 protected). For example, a script (such as a Java script) may be distributed to retailers of eBooks for the retailers' web pages. The script may expose function calls that implement the above-listed methods, and the script may include code to determine whether it is being executed by a MICROSOFT INTERNET EXPLORER browser or a NETSCAPE NAVIGATOR browser, where it uses the ACTIVEX control in the first case, and the plug-in in the second case. A retailer may effectively transmit instructions to be performed on the client computing device by transmitting the script that defines the function calls along with script instructions that invoke the functions. For example, a retailer may wish to detect whether reader 92 is installed on a client's computing device, so the retailer may transmit to the client device a web page containing the Java script that defines the function of detecting whether reader 92 is installed, along with an instruction to invoke that function. The detecting function itself may include code to perform the detecting function of either the ACTIVEX control or the plug-in depending on the brand of browser the script is executing on. In this way, the particular browser is transparent to the retailer, who may create a single web page that performs any of the above-listed functions on either browser.

eBook File Structure

Referring now to FIG. 4, an exemplary eBook (or ".LIT") file structure is shown. The eBook 10 contains content 16, which is text such as a book (or any electronic content, such as audio, video, etc.) that has been encrypted by a key (the "content key"), which itself has been encrypted and/or sealed. In a preferred embodiment, the key is a symmetric key 14A that is sealed with a cryptographic hash of metadata 12 or, in the case of level 5 titles, with the public key of the user's activation certificate. This key is stored either as a separate stream in a sub-storage section of the eBook file (stream 14A of DRM Storage 14 in FIG. 4) or, in the case of level 5 titles, in the license. (In the case of level 5 titles, instead of storing the content key as a separate stream, stream 14A contains a license, which is a construct that defines the rights that the user can exercise upon purchase of the title. In titles that have a license, the content key is contained within the license.) Also included in the DRM storage 14 are the source stream 14B, which may include the name of the publisher (or other content source), as well as the bookplate stream 14C, which, for individually sealed (level 3 and/or level 5) titles, includes the consumer's name as provided by the retailer (which may, for example, be obtained as part of the commercial transaction of purchasing an eBook 10, such as from the consumer's credit card information). The method of calculating the cryptographic hash that encrypts and/or seals the symmetric key 14C (or the method of using such cryptographic hash to seal the key) is preferably a "secret" known only to trusted content preparation tools and trusted rendering applications. Using a hash in this way may complicate/discourage tampering with the meta-data 12 contained with the eBook 10. It is noted that any method may be used to "seal" an eBook, so long as such method provides some measure of tamper resistance to the eBook 10.

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In accordance with lbs present in vention, the rueta-foala 12 may include a 
copynght tag, which describes the rights iranted to Hut u^ror purchaser by the comaat 
soiree (e,g> > tfe^ ^WM^i Whenever pK-h lagk preseon rettter 93 may mmhxy to a 
user ttee text iochrded in the tag, for sample when the user tepa on the mime displayed. 
5 on cover page 1 00 (^howM In FIGS, 2 -m& 3) in «se of mdwida^ly se^bd copies, or 
on the **Copyright Notice" lkk (.m ife ea»of souree sealed copies with a copyright tag), 
wMeh may also be rendered on cover page 190, If the copyright, tag A not malodad in 
metadata 12 by the oontenr source, ..but da? eBook tide has been individually sealed 
(Level 3), the reading application haaed m. the disclosed system (e,g. :i mider 92) may 

10 OTler a generic copyright notice »h as the Ifollowmg; o^esaage, or « .siirixter meaaage; 
*No pan of this eleetronfc: pnfcheahnn rnny he reproduced, re distributed, or re- 
IraBsmiiied in any to* or hy any :m«% electromc, nm*®ka1, printing, pkom- 
eopying, recording, or by any inform a ban stnr^ge asd. retrieval system, without written, 
consent from the pefolbher. - 11 will he appreciated that foe act id dfepkyfeg reopyrlght 

1 5 nonce server to detar typical users fetn attempting to copy their elSoeks, ^! auch a 
notice may be displayed at any point during the viewing of an eBook when d k deemed 
advantageous to wM es^ that they are viewbg proprietary material 
Activating a Reacter 

As noted above, activation enables a reader client for purchase, download, and viewing of fully individualized (i.e., level 5) eBook titles. Because computers running one of the MICROSOFT WINDOWS® operating systems (or other general purpose operating systems) are essentially open platforms where anyone can debug a running process and create "patches" (software modification modules) for hacking the security of any application, the need to establish a security framework around the Reader Client is a prerequisite for providing true copy protection/resistance. "Activation" is the process by which this framework is established for reader 92.

It is preferable that the activation process be performed using a "namespace authority," such as MICROSOFT® PASSPORT™, as the activation database. The use of PASSPORT™ advantageously allows the linking of the user's activation certificate to his/her persona. As used herein, a "persona" is a unique identifier that can be tied to a user and can be securely authenticated by an out-of-band process, e.g., a username and password form on a web browser for use over a secure socket layer (SSL) is an example embodiment of such a process. Using a "persona" scheme, an individual may read purchased titles on any reader that has been activated using the "persona" under which the title was purchased. Also, once activated, the activation information may be made available to multiple merchants in order to eliminate the need for server-to-server communications between the merchants and the activation authority, while mitigating privacy concerns.

The process by which a Reader is activated will now be described. Once a user purchases a purpose-built eBook reading device, or obtains reader software for a PC (e.g., via CD-ROM 31, or download via a wide-area network 32 such as the Internet), the user is encouraged to activate the reader the first time the reader is launched (e.g., immediately after Setup for the Laptop/Desktop application). For example, each time the reader is launched, it may check to see whether it has been activated (or another software object may check whether the reader has been activated). If the reader has not been activated, the reader will render a dialog box reminding the user he or she will not be able to acquire premium titles that require full individualization (i.e., level 5 protection). An example of such a reminder is:

Congratulations on installing the Microsoft® Reader. In
order to enable your Reader for purchase and download of
premium titles that have been secured for distribution,
you'll need to Activate it online.



The dialog may include buttons to allow the user to activate the reader 92 (e.g., the dialog box may display two buttons marked "Activate Reader now" and "Activate Reader later"). A "checkbox" may be included in the dialog box with a message such as "Please don't show me this message in the future," which the user would check if he or she has no interest in acquiring level 5 titles, so that the reader would cease displaying the activation message upon launch. If the Reader has been previously activated, the PASSPORT ID or persona ID of the last user that activated the reader will be rendered as well, as in a "splash screen," such as "Activated for <persona>." The user may also activate the reader from any retail web site, while shopping with a stand-alone browser. In this scenario, merchants may leverage a method exposed by the Reader Web Commerce object 86 and associated script wrapper API to render a link and/or button that launches reader 92 in a separate process. For example, a merchant may include in a web page a script function that launches reader 92 into its activation feature, which then guides the user through the activation steps just as if the user had started the reader and launched the activation feature on his own. (As noted above, the script function may perform the launch either using an ACTIVEX control or a plug-in according to what type of browser it is running on.) The merchant may also include in a web page an instruction (using the web commerce object 86 and associated script wrapper) to first detect whether reader 92 is activated, and launch the activation process only if reader 92 has not been previously activated. In another scenario, reader 92 may be using an "integrated bookstore" feature of the reader (e.g., a feature that allows the user to shop various web sites that sell eBooks without using a browser), and the activation process may be launchable from (or part of) the "integrated bookstore" feature of reader 92.

Assuming the user has decided to activate the reader 92, the activation process may include the steps illustrated in FIG. 5. At step 150, the reader client opens into the "integrated bookstore" section and connects, via Secure Sockets Layer (SSL), to the activation servers, where users are prompted to login using their PASSPORT™ credentials (step 152). If the user does not have a PASSPORT™ account, he/she will be provided with a link to sign up for one (step 154). It is preferable that the URL to the Activation Server be hard-coded into an Activation ACTIVEX control 84 using a SSL connection such that the client can guarantee that the servers are truly the activation

Once the user is authenticated with PASSPORT™ (step 156), a PASSPORT™ API is queried for the user alias and e-mail address (step 158). Thereafter, at steps 160-162, the Activation Servers will request that the client (via the ACTIVEX control) upload a unique hardware ID (which, as noted above, may be derived from hardware components on the user's computing device which substantially uniquely identify the user's computing device). Next, it is determined whether this is a first activation for reader 92 (step 164). (In some circumstances, readers may be activated more than once with different PASSPORT IDs; if reader 92 has been activated with another PASSPORT ID, then a warning is displayed, as depicted at step 166.)

If it is determined that this is a first activation (step 164), it is determined whether the user has activated more than five readers in the past 90 days. If so, then an error message is rendered at step 172 including a support telephone number, and the process terminates at step 198. As noted above, the limitation of activating no more than five readers in the past 90 days is merely exemplary. Limiting activation of readers by time and number helps to prevent wide dissemination of a level 5 eBook title for viewing on thousands (or millions) of readers throughout the world. The "five readers in ninety days" limitation in the example of FIG. 5 is merely exemplary, however, as other limitations on activation may be imposed without departing from the spirit and scope of the invention. For example, the activation limitation depicted in FIG. 5 could be extended by allowing additional activations once a predetermined period of time elapses, e.g., one additional activation after a subsequent 90 day period elapses up to a limit of 10 total activations.
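The activation limit of FIG. 5 together with the extension suggested above, as an added example that is not code from the patent. Counting 90-day periods from the persona's first activation, and treating a repeat request from an already recorded machine ID as a recovery, are assumptions; all class and function names are hypothetical.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

PERIOD = timedelta(days=90)   # the 90 day period of the FIG. 5 example
INITIAL_LIMIT = 5             # "five readers in ninety days"
TOTAL_CAP = 10                # "up to a limit of 10 total activations"


@dataclass
class PersonaRecord:
    # machine ID -> time of first activation (constructed model of the server record)
    machines: dict = field(default_factory=dict)


class ActivationLedger:
    """Server-side bookkeeping for activations per persona."""

    def __init__(self):
        self._personas = {}

    def allowance(self, persona_id, now):
        """Number of distinct readers the persona may have activated by `now`."""
        record = self._personas.get(persona_id)
        if record is None or not record.machines:
            return INITIAL_LIMIT
        first = min(record.machines.values())
        # One extra activation for every full 90-day period since the first one.
        elapsed_periods = max(0, (now - first) // PERIOD)
        return min(TOTAL_CAP, INITIAL_LIMIT + elapsed_periods)

    def request(self, persona_id, machine_id, now):
        """Return 'activated', 'recovery' or 'denied' for an activation request."""
        record = self._personas.setdefault(persona_id, PersonaRecord())
        if machine_id in record.machines:
            # Recovery: the stored key pair is reissued, the count is not incremented.
            return "recovery"
        if len(record.machines) >= self.allowance(persona_id, now):
            return "denied"
        record.machines[machine_id] = now
        return "activated"

    def certificate_deleted(self, persona_id, machine_id):
        """A client-side deletion cannot be verified, so the count is unchanged."""
        record = self._personas.get(persona_id, PersonaRecord())
        return len(record.machines)


def replay():
    """Replay a constructed sequence of requests and return the decisions."""
    ledger = ActivationLedger()
    t0 = datetime(2000, 1, 1)
    decisions = []
    for i in range(5):
        decisions.append(ledger.request("persona-1", f"machine-{i}", t0 + timedelta(days=i)))
    decisions.append(ledger.request("persona-1", "machine-5", t0 + timedelta(days=30)))
    decisions.append(ledger.request("persona-1", "machine-0", t0 + timedelta(days=31)))
    ledger.certificate_deleted("persona-1", "machine-0")
    decisions.append(ledger.request("persona-1", "machine-5", t0 + timedelta(days=32)))
    decisions.append(ledger.request("persona-1", "machine-5", t0 + timedelta(days=90)))
    return decisions


if __name__ == "__main__":
    print(replay())
```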

If the user has not activated more than five readers within the first 90 days (or is not otherwise precluded from activating reader 92), an activation page is rendered (step 170) for the user to fill out. If the user transmits the form in an incomplete format (detected at step 174), the page may be re-rendered until the user completes the form. Next, at step 176, it is determined if the present activation is a recovery (i.e., an attempt to "reactivate" a reader that has been previously activated but become unusable or disabled for some reason). If the present activation is not a recovery, then a new record is created for the user and reader and the number of readers associated with the user is incremented (step 180). A pre-generated secure repository key pair is retrieved from a database (step 182) and activation certificates are also generated (step 184). (As discussed above, the activation certificate may include a public/private key pair whose private key has been encrypted with the public key of the secure repository key pair.) The activation keys, User ID, and Machine ID are persisted in a database (not shown) at step 186. Preferably, the secure repository keys are not persisted, and any new secure repository that needs to be created and delivered in the future would have a new key pair (and the activation certificate delivered with that new secure repository may contain the persisted activation key pair, but with the private key encrypted to the (new) public key of the (new) secure repository).

If, at step 176, it is determined that this activation is a recovery, then an activation certificate is generated (step 178) using the stored public/private key pair from a prior activation (the public/private key pair being retrieved from the database in which it was persisted at step 186), and processing continues at step 188.
At step 188, the activation server(s) generate a secure repository executable 82. Preferably, the repository executable 82 is digitally signed and based on and/or bound to a machine ID. The activation server(s) also generate an activation certificate, which is preferably tied to the persona (through his/her PASSPORT™ ID). The secure repository executable 82 and activation certificate are then downloaded to the client (steps 188 and 190). The activation certificate is encrypted during download (e.g., to protect any information contained in the certificate that relates to the persona to which it is tied). The activation certificate is later uploaded to a "download" or "fulfillment" server during the eBook acquisition process described below in connection with FIG. 6 (i.e., as part of the process of acquiring a level 5 title). The user's PASSPORT™ ID is encrypted and stamped in the PC Registry as part of this download (when reader 92 is installed on a computing device that has a registry), for upload during commercial transactions. The PASSPORT™ ID is stored separately from the activation certificate (even though it may be included in the activation certificate) so that the stored PASSPORT ID may be compared with the PASSPORT ID in the activation certificate during the acquisition of a level 5 title, thereby helping to prevent
thodnfeoment. 

At step 192 it is determined whether the download of secure repository 82 and the activation certificate has succeeded. If not, an event is logged and the download is attempted again (steps 194 and 192). If the download was successful, then at step 196 the user may be provided with a page that "congratulates" him/her on activating reader 92 and informing him/her that the activation process is complete. In one example, the page may include links where the user may obtain promotional or free eBooks. This link will change depending on the promotion (i.e., the server may download a different page with different links if the "promotion" changes). This link may also leverage a method exposed by the Activation ACTIVEX Control 84 to return the user to the library page on the reader. The process then terminates at step 198.

eCommerce Process Flow

Referring now to FIG. 6, an overview of the basic process by which eBook titles are acquired and delivered online is described. It is noted that the present invention is adapted to interface and operate within a server environment. Such an exemplary server environment is described in Attorney's Docket No. MSFT-6 1 14, filed concurrently herewith, which is expressly incorporated by reference herein in its entirety.

Using a browser or the "integrated bookstore" feature of reader 92, the user visits a retail site and chooses book(s) in a manner implemented by the retailer (step 200). For example, the site may provide a web page that displays (as links) various books that the user may wish to purchase. The user then pays for the titles (step 202), such as by submitting a credit card number (or by referencing a stored credit card number if the user has an account with the site; in one usage, the user's PASSPORT ID may reference such a number or account). The transaction concludes at step 204 with a receipt page. The receipt page may contain information "confirming" the order or thanking the user for his/her order, and also contains links (HTTP POST requests) for downloading each title purchased. For fully individualized titles (level 5), a client-side script populates the body of the POST with the activation certificate, via web commerce object 86. (E.g., web commerce object 86 is used to retrieve the activation certificate for provision to the retailer's site.) In one example, the activation certificate may be provided to the retailer web site, which then creates an HTTP request (i.e., a POST request) which includes an encrypted blob (i.e., in the body of the POST). The HTTP request (including the encrypted blob) is then rendered as a link at the client site, where the client clicks the link to download the purchased title (as described below). In this exemplary scenario, the HTTP request and encrypted blob (which are generated by the retailer, who, preferably, is in privity with the fulfillment site) contains information that identifies the particular eBook to be provided to the purchaser, as well as information that demonstrates to the fulfillment site that the encrypted blob was generated by a retailer for whom the fulfillment site has agreed to fulfill eBook orders. Additionally, in the case of the purchase of level 5 titles, client-side software adds the activation certificate to the body of the POST to allow the symmetric key of the eBook to be encrypted for use with readers activated to the user's persona.

Upon clicking on any of the links at step 206, the browser initiates a download from a download or "fulfillment" server specified in the receipt page. For individually sealed ("inscribed") copies, the download server adds the consumer's name (or other identifying information as determined by the retail site, such as the user's credit card number, a transaction ID, etc.) to the title meta-data and re-seals the symmetric key using the new cryptographic hash resulting from the new meta-data, which now includes such identifying information. (The particular information to be included is determined by the retailer and provided as part of the encrypted blob in the body of the POST.) For fully individualized copies (level 5) a license is generated and embedded in the LIT file, in addition to the bookplate being created. This license contains the symmetric key that encrypted the LIT file "sealed" with the public key in the activation certificate. When the download is complete (step 208), the download server logs the transaction and, on the client, the reader 92 may be launched automatically (step 210). The title may, at this time, be moved into local store/LIT store 98, or another folder or directory designated for the storage of eBook titles. Upon launch of the reader 92, the eBook may be opened to its cover page 100.

In accordance with the present invention, from an end-user's perspective, there may be no perceptible difference between a level 3 and a level 5 protected title. Both include a bookplate (e.g., inclusion of the user's name on the cover page 100). Users may only notice the difference if they try to move a level 5 eBook to an installation where the reader 92 has not been activated for the persona that purchased the eBook. In this case, a level 5 title will not open on such a reader 92, whereas a level 3 title will open.

DRM System Client Usage Scenarios

The DRM system architecture is driven by several scenarios that consumers of eBooks are expected to encounter. Exemplary scenarios are explained below. Such scenarios include buying a book on impulse, reading a book on multiple readers 92, activating a reader 92, and recovering a lost or damaged title. The scenarios have variations according to the level of copy protection chosen by the publication provider. The variations impact the user because they determine in some cases what the user must do in order to acquire and open a title on one or more readers 92.

Buying a Book on Impulse and Reading

When a consumer browses a retailer's web site using a web browser or a "bookstore" feature inside reader application 92, he or she may select books to be purchased (e.g., build a "shopping cart"), and proceed to checkout in accordance with the rules and/or procedures of the retail site. Depending on the level of protection associated with the selected titles (which may, for example, be determined by the retail site, or the content owner on whose behalf the retail site distributes the eBook), the retail site may request information which uniquely identifies the customer. (E.g., if the title is protected at level 3, the retailer acquires the user's name from a (preferably) trusted source for inclusion in the meta-data, so that a user could not purchase a title under a fake name and escape detection if the title is illicitly distributed. In this scenario, other information from which the purchaser can be traced, such as the user's credit card number, a transaction ID, etc., could be used to serve the same purpose.) If the title is protected at level 5, the retail site will also need the activation certificate (preferably obtained by use of web commerce object 86 and its associated script wrapper) in order to properly encrypt the content key. If the customer/browser is not able to provide the required information to complete the transaction, the retail site may then provide the customer with the steps that are required (e.g., in the form of a web page that explains the steps and how they may be accomplished and/or provides hyperlinks to be followed). Upon completing the transaction, it is preferable that the customer receive a receipt to confirm the transaction (i.e., an order confirmation page) or receive informational errors reporting issues with processing their transaction in accordance with the retail site's rules and policies. Next, the purchaser follows download instructions embedded in the receipt for the books they purchased, according to the rules and policies set forth by the retail site. (E.g., the receipt may contain a hyperlink to be clicked by the user in order to begin the download of an eBook.) After the eBook has been downloaded, it may be opened for reading by reader 92.

Reading a Book on Multiple Readers

Consumers will expect to be able to read titles on more than one reading platform, e.g., a desktop PC, laptop, palmtop or an eBook device. The DRM System of the present invention provides for such usage. As part of the DRM system, publishers, distributors and merchants may be holders of symmetric keys that are used to encrypt eBook titles. Preferably, one key is used per title or SKU/ISBN/EAN. The symmetric key is required to open the title and is embedded in the license/DRM stream during the purchase. The process of encrypting and later decrypting the symmetric key will be referred to herein as "sealing." It is noted that the symmetric key may be encrypted using a public key associated with the consumer's activation certificate key-pair, or, in the case of source and individually sealed copies, may be encrypted with a cryptographic hash of the meta-data.

In order to read the encrypted title on multiple readers 92, each instance of the reader 92 needs to be able to access the symmetric key 14A embedded in the title's License/DRM stream. In the case of protected titles that are not fully individualized to a person (e.g., titles at levels 2, 3, or 4), accessing symmetric key 14A is accomplished by using (e.g., hashing) the title's meta-data to unseal and possibly decrypt the symmetric key 14A, which is preferably done by DRM manager 80. In this scenario, the merchant/distributor of the title encrypts the symmetric key 14A with a cryptographic hash, which is programmatically generated from a hash of the title's metadata (which may include the rightful owner's name, for example, in the case of level 3 titles). Reader 92 or DRM Manager 80 then uses the same hash algorithm to unseal the symmetric key. Users that tamper with the contents of the title's meta-data will no longer be able to read the eBook title, since reader software will not be able to decrypt/unseal the symmetric key 14A, because the new meta-data would result in a different hash.
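The sealing, re-sealing at download, and tamper check described above, as an added example that is not code from the patent. SHA-256 over a canonical JSON encoding of the meta-data and an HMAC-based key wrap stand in for the undisclosed sealing method; function names, field names and sample values are assumptions.

```python
import hashlib
import hmac
import json
import secrets


class SealBroken(Exception):
    """Raised when the meta-data presented does not match the seal."""


def metadata_digest(metadata):
    """Hash a canonical encoding of the meta-data (sorted keys, compact, UTF-8)."""
    canonical = json.dumps(metadata, sort_keys=True, separators=(",", ":"),
                           ensure_ascii=False).encode("utf-8")
    return hashlib.sha256(canonical).digest()


def _keystream(kek, nonce, length):
    """Expand the meta-data digest into a pad with HMAC-SHA256 in counter mode."""
    out = b""
    counter = 0
    while len(out) < length:
        block = b"wrap" + nonce + counter.to_bytes(4, "big")
        out += hmac.new(kek, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal_key(content_key, metadata):
    """Seal the symmetric content key to the current meta-data."""
    kek = metadata_digest(metadata)
    nonce = secrets.token_bytes(16)
    pad = _keystream(kek, nonce, len(content_key))
    wrapped = bytes(a ^ b for a, b in zip(content_key, pad))
    tag = hmac.new(kek, b"tag" + nonce + wrapped, hashlib.sha256).digest()
    return {"nonce": nonce, "wrapped": wrapped, "tag": tag}


def unseal_key(sealed, metadata):
    """Recover the content key; fails if the meta-data was altered after sealing."""
    kek = metadata_digest(metadata)
    expected = hmac.new(kek, b"tag" + sealed["nonce"] + sealed["wrapped"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sealed["tag"]):
        raise SealBroken("meta-data does not match the seal")
    pad = _keystream(kek, sealed["nonce"], len(sealed["wrapped"]))
    return bytes(a ^ b for a, b in zip(sealed["wrapped"], pad))


def inscribe(sealed, source_metadata, owner_name):
    """Download-server step for individually sealed copies: add the
    purchaser's name to the meta-data and re-seal the key to the new hash."""
    content_key = unseal_key(sealed, source_metadata)
    new_metadata = dict(source_metadata, bookplate=owner_name)
    return new_metadata, seal_key(content_key, new_metadata)


def demo():
    """Constructed sample: source seal, inscription, then an edited bookplate."""
    key = secrets.token_bytes(32)
    source_meta = {"title": "Sample Title", "publisher": "Example Press"}
    source_seal = seal_key(key, source_meta)
    meta, seal = inscribe(source_seal, source_meta, "Pat Reader")
    opens_intact = unseal_key(seal, meta) == key
    edited = dict(meta, bookplate="Someone Else")
    try:
        unseal_key(seal, edited)
        opens_edited = True
    except SealBroken:
        opens_edited = False
    return opens_intact, opens_edited


if __name__ == "__main__":
    print(demo())
```

Because the derivation here is public, the example shows only the binding between meta-data and key; the page relies on the hash method being known only to trusted tools.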

In the case of fully individualized (level 5) titles, the symmetric key 14A is encrypted with the public key of the user's activation certificate and inserted into the license, where the license is inserted into DRM storage 14 in stream 14A (see FIG. 4) prior to download. As discussed above, each reader 92 activated to a particular persona has an activation certificate containing the public/private key pair associated with the persona. Thus, a title may be read on any reader 92 that has been activated to a particular persona. As discussed above, the activation certificate is obtained during the activation process. The aforementioned "license," as further discussed below, is a construct that defines the rights that the consumer can exercise upon purchase of the content and, where it is present, it also contains the content key (i.e., the symmetric key).

Client architecture 90 decrypts the encrypted symmetric key contained in the license of a level 5 title by applying the private key from the activation certificate, where the activation certificate private key is stored in encrypted form and is obtained by using secure repository 82 to apply its public key to the encrypted private key, as discussed above. Beyond ensuring that a reader 92 has been activated using the credentials (i.e., persona) for which a level 5 title was purchased, no other action is required to permit a user to read a title on multiple readers 92. Moreover, even in the case of level 5 titles, the act of ensuring that the reader is activated to the correct persona takes place implicitly - that is, if the reader 92 has not been activated to the person with which a level 5 title is associated, then the reader 92 will not have access to the activation certificate (and its private key) that allows the reader to access symmetric key 14A needed to decrypt content stream 16. All the level 5 titles purchased for a reader 92 have their content keys encrypted to the public key included in the activation certificate associated with the reader/persona. When the user installs or purchases another reader 92, the user only needs to activate the new reader with the same persona to receive the same activation certificate (or, more precisely, an equivalent activation certificate with the same public/private key pair, whose private key, as discussed above, is encrypted with the public key of the secure repository resident on the new reading device/installation).

Yet another alternative for obtaining symmetric key 14A exists for an OpenCard. OpenCards each contain a key or key pair to which titles are sealed. When the user wishes to read the same titles on a different reader 92, the reader 92 must be installed on a device having an OpenCard slot. Accordingly, when the user inserts the OpenCard in the device, the titles are automatically available for reading. Thus, no special steps are required when users want to read OpenCard-based titles on multiple readers 92, since, in effect, the title is bound to the card rather than to a particular activation certificate and/or persona.

Upgrading or Replacing the Reader

If a user loses, replaces or upgrades his/her reader, it is important that the user be able to read previously-purchased titles (e.g., level 5 titles) on the new Reader. According to an aspect of the invention, enabling users to read previously purchased content on new readers 92 is performed using the same mechanisms that allow them to read on multiple readers 92: the new reader 92 acquires the required activation certificate (i.e., an activation certificate with the key pair contained in previous activation certificates issued to the user's persona).

Enforcing a limit on the number of activations of readers 92 in this manner simplifies the upgrade/replacement scenarios. As long as the user has not exceeded the applicable limit on activations, he/she can activate a new/upgraded reader 92 just as if he/she were activating another one of several readers owned by the user. A user may remove an activation of an old reader by deleting the activation certificate, but doing so does not necessarily increase the number of available activations for a particular persona, since the activation authority (e.g., the activation servers that users contact to obtain activation certificates and secure repositories 82), does not necessarily have any way to verify that the activation certificate has been deleted, or has not been backed up in a recoverable manner. Therefore, in one embodiment of the invention, deleting the activation certificate does not "reset" the applicable limitation on new activations for a particular persona.

Recovering a Lost or Damaged Title

A user may back up titles, for example, by copying eBook file 10 to removable magnetic disk 29, optical disk 31, or a removable, non-volatile memory card. If the titles ever become lost or damaged on the primary storage of a particular reading device, the titles can be restored from backup storage. However, in the case where titles are, for some reason, not backed up, it may be possible to recover any titles lost or damaged from the retailer. For example, the user may keep the receipt page from a title purchase (i.e., the page that contains the download links), and simply "re-visit" the link to connect to a download server to obtain a new copy of the eBook ("LIT") file 10 that embodies the title. Users can keep their receipts locally or, alternatively, the retail store may choose to offer customers the service of storing their receipts on the retailer's server.

In a preferred embodiment of the invention, however, receipts have expiration time/date (e.g., the encrypted blob associated with the link that is clicked to contact the download server may have an expiration time/date incorporated within it), such that clicking a download link more than a predetermined amount of time after it was issued (e.g., one hour) will cause the download server to refuse to download the title. In this case, the retailer may have a record of the purchase and may provide a new copy of the receipt/download link. In order to recover a lost or damaged eBook title, the user will have to connect to the merchant from which the eBook title was purchased. After the user is identified, the merchant site will present the user with a list of receipts from which the user will choose the appropriate one. The user may then locate the title they wish to recover, and click on the link provided for download. Barring any restrictive policies from the merchant site, the user should be able to re-download the eBook title they lost. It is generally not necessary for the merchant to restrict re-downloading of titles, since the user was always free to copy the title from machine to machine (subject, of course, to the condition that level 5 titles do not work on readers activated for a persona other than the persona that purchased the title), and thus restricting the re-downloading of titles provides no additional copy protection. It should be observed, however, that the decision to provide free "re-download" privileges is within the discretion of the merchant, since the merchant may view the re-downloading as a service for which the merchant desires to collect a fee.

Supporting multiple Activated Readers on the same PC

It is preferable that the reader for laptop and desktop PCs be designed to support multiple users sharing the same computer. So long as the users have different local accounts on the PC they share, the reader may store all user-specific data on the appropriate user data-space, keyed off of their respective profiles and "current user" registry values. For example, eBook files 10 may be stored, for each user, in a directory logically contained within the top-level directory for the user's profile. In the case of the activation process, the process may ensure that the reader 92 being activated and the components being downloaded (e.g., secure repository 82 and the activation certificate) are tied to the current user (e.g., the currently logged-on user on a workstation running the MICROSOFT WINDOWS NT operating system).

Additionally, once the reader is activated, it may display the PASSPORT™ name for the user for whom it was activated, for example on a splash screen and a quick settings page. On the quick settings page, the PASSPORT™ name for the user that last activated the reader will be shown immediately above the activation link. This allows for proper handling by the client-side web commerce object 86 of the activation certificate and encrypted PASSPORT™ ID upload, during the shopping process for fully individualized titles (level 5 protected).

The process by which multiple users can activate the same reader 92 on an exemplary shared system is as follows. The Reader will check whether it has been Activated during startup. This check is performed by checking for a RegKey under HKEY_CURRENT_USER […]. Since this RegKey is written to the HKCU branch, it ensures that it will be user-specific and tied to the currently logged on username on the computer. If this RegKey is not found or is not set to 1 (i.e., a successful activation has taken place), the user follows the steps to activate the reader, as discussed above. After the download is complete, the activation ACTIVEX control 84 queries the operating system for the username for the currently logged on user on the PC. If no username is returned, it will assume "DefaultUser" as the username.

The ACTIVEX control 84 then queries the registry to find out where the reader was installed. It then creates a directory under the MS Reader installation directory that will be named […] (<username> as determined by the operating system query). Once the directory is created, the ACTIVEX control 84 populates the […] key with the full path to that directory. In that directory, the ACTIVEX control 84 installs secure repository 82 and the activation certificate. It then executes secure repository 82 with the "-install" parameter for self-registration of secure repository 82. Assuming all of the above steps succeeded, the ACTIVEX control 84 stamps the ActivationComplete RegKey.

License Format

Below is an exemplary license, which is used for every download of fully individualized titles. The license is a construct that defines the rights that the user can exercise upon purchase of the title, in addition to defining the requirements for unsealing the symmetric key to exercise those rights. Examples of "rights" that could be represented in the license are rendering the content (e.g., in the example of text content, reading it on the monitor of a PC), printing the content, or copying-and-pasting portions of the content. It is noted that the exemplary license format is not intended to limit the scope of the present invention, as other license formats having greater or lesser information are possible.

It is preferable that the language chosen to represent a license is XML, and the format of the license is based on the Extended Rights Markup Language (XrML) Specification. This is a well-suited markup language to describe usage rights in a flexible manner. XrML also provides for great interoperability and will allow for any technology investments made on components that generate and manage these licenses to be leveraged long-term. In a preferred embodiment, only those rights expressed in the license are granted to the licensee - i.e., if a right is not expressly granted, it is denied. However, it will be appreciated by those skilled in the art that other arrangements are possible, such as where a default set of rights is presumed unless expressly denied or modified by the license.

The top-level tags in a collapsed format are as follows:
<IDDOTPE KrHL SYSTEM *xrmUt<T> 

::: <xmt> 

HI <BODY type«*UC£NSg* version ^>€P> 

<lSSUE©>200CKii-27T13 i 3£R/ISSUgD> 
, <DESCRD>1t>R> 



CO 



> <wdrk:> 



3d 



Usxiijv x±-$&&& e:|: t.hss hook 
— >

— > 

10 - ^^^^ 

> 

± <UCBHSEDFRmClPMS> 
</SODY> 

15 > 

> 

20 * <S1GMATURE> 

</XrWL> 

The first line of the XrML structure above defines the version of the XML language used to create the XrML license. The second line specifies the name of the DTD file used to parse the XML file. The BODY tag provides the type of license, the version of the XrML specification used when the license was generated, and the date when it was issued. It is also the meta-tag for the whole license, which has the following subsections: WORK, LICENSOR, LICENSEDPRINCIPALS, and SIGNATURE. WORK contains all the semantic information about the license, including the usage RIGHTS. The contents of this field (including the tags) constitute the data that is hashed and signed. LICENSOR contains information pertaining to the entity that issued the license, usually a Retailer. LICENSEDPRINCIPALS contains a series of principals that must be authenticated when exercising the usage rights specified in a license. SIGNATURE contains the hash/digest of the LICENSEBODY as well as information about how the hash was created, including the algorithm. It also includes the DIGEST encoded in accordance with the algorithm named by the licensor when issuing the license. The DIGEST and SIGNATURE tags provide the authentication information used to validate the entire license in a way that cannot be tampered with.
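The digest check and the deny-unless-granted rule described above, as an added example that is not code from the patent: it hashes the exact bytes of the WORK element, tags included, compares the result with the DIGEST value, and allows only rights listed under RIGHTSLIST. The sample license, the SHA-1/base64 digest encoding and the function names are assumptions, and the example assumes the DIGEST value has already been authenticated through SIGNATURE with the licensor's public key.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed sample; tag names follow the page, values are made up.
WORK = ('<WORK><OBJECT type="BOOK"><NAME>Sample Title</NAME></OBJECT>'
        '<RIGHTSGROUP name="Main Rights"><RIGHTSLIST><VIEW/><PRINT/>'
        '</RIGHTSLIST></RIGHTSGROUP></WORK>')


def build_license(work_xml: str) -> str:
    """Issuer side: hash the WORK element, tags included, and embed the digest."""
    digest = base64.b64encode(hashlib.sha1(work_xml.encode()).digest()).decode()
    return ('<XrML><BODY type="LICENSE">' + work_xml + '</BODY>'
            '<SIGNATURE><DIGEST><ALGORITHM>SHA1</ALGORITHM>'
            '<VALUE encoding="base64">' + digest + '</VALUE></DIGEST>'
            '</SIGNATURE></XrML>')


def work_bytes(license_xml: str) -> bytes:
    """Return the exact bytes of the outermost WORK element, tags included."""
    start = license_xml.index("<WORK")
    end = license_xml.rindex("</WORK>") + len("</WORK>")
    return license_xml[start:end].encode()


def digest_ok(license_xml: str) -> bool:
    """Recompute the digest and compare it with the one carried in DIGEST."""
    root = ET.fromstring(license_xml)
    stated = root.findtext("./SIGNATURE/DIGEST/VALUE", default="")
    actual = base64.b64encode(hashlib.sha1(work_bytes(license_xml)).digest())
    return hmac.compare_digest(actual, stated.strip().encode())


def is_allowed(license_xml: str, right: str) -> bool:
    """Default deny: a right counts only if the license is intact and lists it."""
    try:
        if not digest_ok(license_xml):
            return False
        root = ET.fromstring(license_xml)
    except (ET.ParseError, ValueError):
        return False  # malformed license or no WORK element: nothing is granted
    granted = {child.tag for rl in root.iter("RIGHTSLIST") for child in rl}
    return right in granted


LICENSE = build_license(WORK)
# Tampering after issue: a COPY right is spliced into the rights list.
TAMPERED = LICENSE.replace("<PRINT/>", "<PRINT/><COPY/>")
```

Because the digest covers the serialized bytes rather than the parsed tree, any re-serialization of WORK (whitespace, attribute order) also fails the check, so issuer and client must agree on the exact byte form.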
Structure of the BODY tag

The main tag of an XrML license construct is the BODY tag, which contains the following tags:

<BODV tVpe~"L.ICEMSF' V^hm*TS,<l H > 
< ISS U E D > 2 0 00- 0 1 - 23T1 S ; 30 </XSS U ED > 
10 ::; <pESCR|FTOR> 

< ID type- "hlS-SUID" >7BD394SArC84 l~434d- 
A33F"S4S6©S£2AAAE</tD> 
</GBJECT> 
IS </DESCRIFTOR> 

- < t L:ee«;»-:l Beek 

> 

20 :: <WmK> 

.-• <om 'ECT ty en " BOO K -t|T~ FORMAT 1 > 

<ID typo^ : lSBN !f >83?4-39384-3S4ya</IO> 
<mm»A nook of Umm<m^> 
</OB.leCT> 

2$ <CREATOR typo~"aothea ii >3omoo tha 

fsrat</CE:EATOE> 
< CREATOR type^ Author" >jarmsa the 
second </CRr.Al'OR> 

~ <ownm> 

z <OSJ£€T typ^ s Psra-on"> 

< 1.0 Iyp«- ,! yS"SSN"> 10 3-T4-8843</ID> 
<^Ak!tr>Mik« the ro»n«/**AM£> 



< ADDRESS 

ss> 

</GBJECT> 

< ALSORITH M > RS A- Si 2 </ ALG Oil J THM > 

- <BARAHgTER rrams« s p«&^c exponent" > 

<VAOJE 

11) iic> 

</PARAMETB*> 
~ < PARAMETER nam««*im>dWus*> 
< VALUE encoding * »fes«84 if 

VeeDra j 2f*A* - </ V ALUS > 
</PARAM£TB*> 
</PU0UCKEY> 
20 </OWHm> 

■ <work> 

~ <OBjECT iyp&»Xh»pigsr''> 

30 <^AHE>Ch©§Aer X</MAME> 

</083ECT> 
</WORK> 

::; <wom> 

- < OBJECT ^« 8 Imig8*> 

35 <3D type»*TeU&Sv®*;* i </ED> 



PA 
<mm>im®g® i; Photon ColebsPats 

</0S;3ECT> 
* < DIGEST sourvsdata^ s lJconsorHeta ;< > 

< At. GORTT MM >SH A X < /ALGORITHM > 
- --PARAMETER ?iame~ ,s csd5ngtype B > 

<VALUE 

encoding »* r strift§f s >suffac« i * 
c»o1ng</VAtUS> 
</ PARA METER> 

< V ALU E mm® o g ™ * bose64 » 

ISO* > Q£SrhD5&??>: MoFPmSg 
4ml£KWm*z </VALUB> 

|5 </WORK> 

< /PARTS > 



•• < if— U'ssge ofUi:f bosk 
> 

- <RX€HTSGROyp nam««"Maln 8igshfcs*> 

< DESCRIPTION > Some dssc</DESCR!PTi:ON > 
<8UM2ig> 
• <TXME> 

<tiNm. tlmB*"2©00.~0i*2^i5j30* ■/> 
<:/TlHE> 
■ : <ACCESS> 

~ -sgNABUNGBTFS tysse ^sealed- 

<V&tM£ mm®m-^^^ K 






~ m - 

h 7xt?mbses] 7 o t B2f WTCX 

;<DD4- SWUB/lw « ** </VALU 

</mmunmws> 
s </mmctmi:> 

</ACCESS> 
</BUMDtK> 
» <M«HTSL1ST> 
?: <VIEW> 

10 ~ <ACCESS> 

» <miHClP&l sequenced" > 

type ® "sea fed -sles-key* > 
<VALUE 

20 0ES|7a^B2fWTcxxOD 

*6WU8/Lw«~«/VAt 

25 < PRINCIPAL sequence™ 5 ^ /> 

</ACC&SS> 
~ <A£CESS> 

30 type ~ * sm mi -ds$s~ Key * > 

<VAtUE 

encoding - !! baseS4 s 

35 R4YdSXaEviA2Lxsh9Z 






-6WUB/lvv ; «.u</VAL 
UE> 

</pmncip*L> 

</ ACCESS > 

*Mbw> 

0 ;;; <FEE> 

- ; «:HQNETAEV> 

« <PEEIISE value^"5,00 !t > 

<ajmmcf m~ 
5 </eerijse> 

- <A£€QUMT> 

<ACCOUMTFROM 

/> 

10 <HdUS£ t**"XYz* 

uH ~ :: http: //Somshous 
?a..com/p<syme»asp" /> 
</AC€OiW> 
«/MONETARY> 
i$ </FEg> 

■ <TRACK> 

tracker</PROV!DERHAHE> 
< PROVl Df R! D Id™" US 102 3 " 

m t^p^Tmckm jxr /> 

z < PARAMETER mms$^*tracfcl'rs-g 
®ddress*> 

<VAIJJE 

encod i *u r P > * http : //so 



WO 81/4'6?§3 P€T/PSMsM278? 



</PARAHETER> 
~ < PARAMETER nume^rpcking 
5 support u#dresa !i > 

<VAEUf 

© n-etod \ m- "urr > " http : //so 

ma,asp"> </value> 
</TP,ACR> 

- <Tmmom> 

KIQCMIDH country** *u.s* 

1.5 p0staicodss~ : "90345" /> 

< LOCATION country ■•- Si jp K /> 
</TERPlTORY> 
</PRSNT> 
</RlGHTSUS1> 
20: «/RK3HTSSROUP> 

</WORK> 

• <!-•- Umws-tf the bossfe — > 

- — «••« - >•••<••••= ; ,. t , : . :r . t; , t _, :t::::::::: 

25 ~ < LICENSOR* 

- <OB3ECT type Certificate* > 

A33F-S4E6DS E 2 AAA E </10 > 
<NAHE> Barnes and Roui«</NAPsP> 
30 </QS3BCT> 

~ <PVMJ€KEY> 

< MMomnm> rs a-si a </algorith h > 

r < PARAMETER name=« ^public exponents 
< VALUE: 

moo® ng * > J I mmgmm* > </VAtU P > 
</PARAMgXSR> 

< MMJM encoding * " bas&m " 

SqFDR4H leieR i g * <5 SVm K MZR$9FH4ou ssP 
-</ VALUE* 
</FU3LXCMe¥> 

«/li€ensor> 

z < OBJECT type ~ * p mo; ra m* > 
<ID 

> 

<NAME>DRFL IHTER.PRETER<;/NANE> 

</object> 
; ~ < AU THE NTICAT'OR lyp®** *drm~ma*i'uJe~ 
verifier" > 

<ID typ;s>» "microsoft- 

prog ;d ;: > rru5*4 rrn . sisth s-n cede < /ID > 

< mm fe> d RMAuthsn ti corip </ h &m> 

»• < AUTH £ NTIC AT! O N C LASS> 

<VERSIOMSPAH mln^"2,D" max**&4* 
/> 

<vepS!ON>5.0</VERSI0^> 

<SECURrrVL!5¥EL>S</SECURn-VLiS 
¥EL> 

</AyTHENTICATIOMCLASS> 






- < VEJUflCATia M>ATA tyfto* "slg hsfcj rg~ 
k«y"> 
- <EUBUCKEY> 

<ALGGR1TH H > RSA~ 

export 44 » 

10 SE7</VALU£> 

< VALUE encoding- :; bsseS4 :i 
sis*** !! SI 2 "> u r f^&h/Wtm 
15 04-aD|§YLxwrktqfDa4HZ« 

AQVAE D ro^Sf XAs= : « </VALU 
E> 

20 <:/EARAHET£E> 

</PUSLXQCSY> 
</VERIFICAnQNDATA> 
</ AUTH E N TIC AT OR > 

25 :: *m.HClPAl> 

z < OBJECT type- "MS Shook- Device" > 

<NAME> Johns c:ompsiter</NAME> 
30 </08JECT> 

•• < AUTHENTICATE R Wpfc- *dm?mb&maV- 

< 10. ty * microsoft- pmgkt" > 222 3- 2224 - 

35 ■■; <AyTH€NTICAnOMCLASS> 



<Mmth mnt&riQmmm > 

named -motf> 

5 -- <PU8LICKEY> 

< A R1THM > RS A- 
S12</ALSORXT«H> 
- < PARAMETER name™ 51 public 
exponents 
10 <VALUS 

S3?</VAL.UE> 
</PAKAMETER> 
~ < PARAMETER p«me~ !! madute>«> 
|.S <VALUE encodmy^'bssaSA" 

0 : 4«Dj0VUo(W*EtqF DRAHZe 
l8Rl94€5SvmKNZRt9fH4« 

E> 

</PARAN£TE«> 
</f*USUCKEY> 
<7 VERX FICA110 N D ATA> 
25 < Vi-RI FI€ ATI O NO ATA > 

•-• < PARAMETER n&m#***§*>$$P» 
<VAUJE 

■ue> 

30 </RAR AH ETER > 

- <EU8L]CI<EY> 

<ALGOR1THM>hSA- 
S.i2</At«DRITB^> 
~ < PARAMETER name^*pybJte: 
35 exponent" > 



to 



<VAU*g 

«a « *9Q* > '33S4SU RT203& ' 

</pmuCKm> 

</VSRlf s t€ATIONOATA> 
</AUTH ^ticatoh> 

</PRMCJFAi> 
<PRINC|PAL> 

~ < OBJECT ^pi^app!icattart"> 
<ID type- "MS PROG- 

<*IA«e>HS Book Reader 2.0</NAM£> 

</oaiecT> 

~ < AU THffNTICATQR type ***4vm m^rml 

<V£RS^OM>l,x-2..5</VERS!ON> 
</AUTNgHTl&VriQNCLASS> 

~ <v&rsfs€AHGNpata tfpB ~*authentteQ<te» 

~ <DISEST> 

< ALSORIXH H> H 05 < /ALQORTt 
HM> 

-</VALU&> 



</D!GESt> 
< /VER;lFlCA:TXO N DATA > 

5 </ilCENS£DPRI^ClPM.S:: 



< 



/&ODY> 



Secure repository 82 authenticates a license via the SIGNATURE and DIGEST tags. This is such that the client software can validate that the content being rendered came from a trusted source. A more detailed example of these tags is provided below:

s:tienst:;ur:e »:£. Z.h® X<i<s$88* 



-•> 

~ <DKjEST> 

■• < PARAMETER name^codtngtype*^ 
< V ALU E eo tod 'm§ ** "strtn e" > su rf a ee- 
coding </WUUE> 

</PARAMrr£R> 
B <VALU£ encoding™ *base64* 

</DlGEST> 

<VALU£ encodings "bai^m* 

nJ^GogRZhAToWRQ « * </VALUe> 



It is noted that the foregoing examples have been provided merely for the purpose of explanation and are in no way to be construed as limiting of the present invention. While the invention has been described with reference to various embodiments, it is understood that the words which have been used herein are words of description and illustration, rather than words of limitations. Further, although the invention has been described herein with reference to particular means, materials and embodiments, the invention is not intended to be limited to the particulars disclosed herein; rather, the invention extends to all functionally equivalent structures, methods and uses, such as are within the scope of the appended claims. Those skilled in the art, having the benefit of the teachings of this specification, may effect numerous modifications thereto and changes may be made without departing from the scope and spirit of the invention in its aspects.
WHAT IS CLAIMED IS:

1. A computing device adapted to communicate via a network infrastructure, comprising:
a long-term storage device;
a user interface adapted to interact with the computing device and for launching a rendering application; and
a management module that receives a communication from the rendering application to access first information stored on the long-term storage device, wherein the first information is stored in an encrypted format and wherein the management module returns first data which enables the use of said first information by said rendering application.

2. The computing device of claim 1, wherein said first data comprises a key to decrypt said first information.

3. The computing device of claim 1, wherein said first data includes said first information in an unencrypted format.

4. The computing device of claim 1, wherein second information pertaining to a transaction is returned by the management module to the rendering application for usage on the computing device.

5. The computing device of claim 4, wherein said second information is selected from the group consisting of: a name, a credit card number, and a receipt number.

6. The computing device of claim 1, wherein said management module authenticates said rendering application prior to returning said first data.






7. The computing device of claim 1, wherein said management module is in communication with a secure repository receivable via said network infrastructure, wherein said secure repository applies a key to second data.

8. The computing device of claim 7, wherein said second data comprises a key which decrypts said first information.

9. A computer-readable medium having computer-executable instructions to perform acts comprising:
authenticating software; and
providing at least one cryptographic service for said software;
wherein said computer-executable instructions to perform said at least one cryptographic service are invocable by a call from said first software.

10. The computer-readable medium of claim 9, wherein said at least one cryptographic service comprises using a cryptographic key to decrypt data.

11. The computer-readable medium of claim 9, wherein said at least one cryptographic service comprises unsealing sealed data.

12. The computer-readable medium of claim 11, wherein said sealed data comprises a cryptographic key.

13. The computer-readable medium of claim 11, wherein said sealed data comprises information associated with the user to whom content is licensed.

14. The computer-readable medium of claim 13, wherein said information is selected from the group consisting of: a name, a credit card number, and a receipt number.

15. The computer-readable medium of claim 9, wherein said act of providing at least one cryptographic service comprises issuing a call to a secure repository, wherein said secure repository decrypts at least some data.

16. A method of supporting a content distribution system, said method comprising the acts of:
providing, to a first entity, an interface for requesting at least one service, said interface being usable by first software;
providing, to a second entity, a set of computer-executable instructions that provide one or more services;
wherein said computer-executable instructions are invocable by way of said interface, and wherein said one or more services include enabling the use of information stored in an encrypted format.

17. The method of claim 16, wherein said first entity comprises a developer of said first software.

18. The method of claim 16, wherein said first software comprises a digital content rendering application.

19. The method of claim 16, wherein said second entity comprises a user of said information.

20. The method of claim 16, wherein said set of computer-executable instructions comprises a COM object.

21. The method of claim 16, wherein said one or more services include decrypting said information for provision to said first software.

22. The method of claim 16, wherein said one or more services include providing to said first software a key to decrypt said information.

23. The method of claim 16, wherein said one or more services include providing to said first software a name of an authorized user of said information.

24. The method of claim 16, wherein said one or more services include unsealing at least some of said information.

25. The method of claim 16, wherein said one or more services include authenticating said first software.

26. The method of claim 16, wherein said act of providing to said first entity is performed by said first entity.

27. The method of claim 16, wherein said set of computer-executable instructions includes instructions to:
issue a call to a secure repository if said information has associated therewith a first level of protection; and
enable the use of said information without using said secure repository if said information has associated therewith a second level of protection different from said first level of protection.

28. A method of using first information stored in an encrypted format, said method comprising the acts of:
issuing a first request to provide first data which enables the use of said first information; and
if said first information is sealed with second information pertaining to an authorized user of said first information, issuing a second request to provide second data which includes said second information.

29. The method of claim 28, wherein said second information is selected from the group consisting of: a name, a credit card number, and a receipt number.

30. The method of claim 28, wherein said first data comprises said first information in an unencrypted format.

31. The method of claim 28, wherein said first data comprises a key which decrypts said first information.

32. The method of claim 28, wherein said first request is issued to an object which satisfies said requests.

33. The method of claim 32, wherein said object comprises a COM object.